Phishing is a term used to describe fraudulent activity that seeks to obtain sensitive or personal information from you - usually by impersonating another person or organisation.

More often than not, phishing involves a fake email or website that looks and feels almost identical to a legitimate one, for example that of your bank, your credit card, the government or a courier service. It can also take the form of a phone call, letter or social message from an impostor. Phishing emails can also hide their payload in malicious attachments that contain viruses or malware. In some cases, the message may even appear to come from a colleague or friend (in an effort to gain your trust).

Regardless of the medium, the goal is the same. The fraudster seeks to glean information from you (like your username, password, date of birth, etc.) in order to steal your money (perhaps indirectly), steal your identity or gain access to your accounts.

Disclosing even seemingly trivial information can put you at risk, as the phisher consolidates these fragments to build up a comprehensive profile about you - often working their way up to higher value targets. For example, learning that you recently purchased a kitchen may help someone convince your bank that they are you, because they have details of your recent financial transactions. Similarly, gaining access to one account may help them compromise another. For example, access to your personal email account may help them authorise access to other sites (like your bank).

How can you guard against phishing?

When responding to emails or phone calls, never give your login or personal details and never open file attachments that you aren't expecting. The safest option is to ignore the email entirely or terminate the call. The simple fact is that it is almost impossible to verify the sender of an email or the identity of a caller - the details can so easily be forged (including the caller's ID, sender's email, etc.).

Know that MIE will never send you emails that request personal information or your password. Nor will we call you requesting such information.

You should only enter your FitQuest password directly on the website. To verify you are genuinely on our site, check the domain name appears in bold in the address bar (exactly as pictured) with a green secure padlock immediately alongside it. You can view our site's security certificate for additional peace of mind (by clicking the padlock).

To help combat phishing, FitQuest emails are digitally signed using a technology called DKIM. Your email software can use this signature to automatically identify fraudulent emails claiming to originate from FitQuest. However, this is only part of the puzzle. Emails which don't make such a direct claim will not be detected. Additionally, not all legitimate senders currently sign their emails in this manner - greatly reducing the effectiveness of this safeguard. So for now you need to remain on your guard!
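The check described above, sketched as an added example (not FitQuest's or MIE's own code): it reads the DKIM verdict that a receiving mail server records in the Authentication-Results header and compares the signing domain with the From domain. The domain fitquest.example, the server id mx.recipient.example and the three sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "fitquest.example"                 # placeholder, not the real FitQuest domain
TRUSTED_AUTHSERV = "mx.recipient.example"  # assumed id of your own receiving mail server

# Constructed sample messages (not real mail).
LEGIT = ("Authentication-Results: mx.recipient.example; dkim=pass header.d=fitquest.example\n"
         "From: FitQuest <noreply@fitquest.example>\nSubject: Your results\n\nHello\n")
SPOOF = ("Authentication-Results: mx.recipient.example; dkim=none\n"
         "Authentication-Results: other.example; dkim=pass header.d=fitquest.example\n"
         "From: FitQuest <noreply@fitquest.example>\nSubject: Reset password\n\nHello\n")
LOOKALIKE = ("Authentication-Results: mx.recipient.example; dkim=pass header.d=fitquest-support.example\n"
             "From: FitQuest <help@fitquest-support.example>\nSubject: Verify\n\nHello\n")

def in_brand(domain):
    return domain == BRAND or domain.endswith("." + BRAND)

def dkim_pass_domains(msg):
    """Signing domains (d=) that the trusted receiver reported as dkim=pass."""
    domains = set()
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header not written by our own server can be forged
        for result in results.split(";"):
            if re.search(r"\bdkim\s*=\s*pass\b", result, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", result, re.I)
                if m:
                    domains.add(m.group(1).lower())
    return domains

def classify(raw):
    """'verified', 'forged', or 'not-covered' (sender never claimed the brand domain)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_brand(from_domain):
        return "not-covered"  # DKIM says nothing about look-alike senders
    signed = any(in_brand(d) for d in dkim_pass_domains(msg))
    return "verified" if signed else "forged"

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoof", SPOOF), ("lookalike", LOOKALIKE)):
        print(name, classify(raw))
```

The look-alike message passes DKIM for its own domain and is reported as not-covered, which is the gap the paragraph above describes: the signature only exposes mail that claims the signed domain directly.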

The best protection against phishing attacks is:

  • Don't click on any links in emails
  • Don't open any attachments or enter information in any forms
  • Don't reply to suspicious emails or messages
  • Avoid disclosing login or personal details
  • Avoid answering questions from unexpected callers (as you cannot verify who they are)
  • Be wary of survey questionnaires

Using a password manager can also help prevent you from inadvertently entering your password on fraudulent sites.